Salesforce is the #1 AI CRM, committed to making people’s working lives more secure through its Slack platform. The Staff Software Engineer will serve as a technical anchor for the Vulnerability Management team, focusing on building and maintaining systems to detect and remediate security vulnerabilities across the organization.
Responsibilities:
- Own the technical architecture and roadmap for vulnerability management tooling, including systems that automate identification, prioritization, tracking, and remediation of vulnerabilities across diverse ecosystems and environments
- Lead the design and development of high-quality, scalable engineering solutions, balancing long-term maintainability with the practical needs of a fast-moving security organization
- Drive integration strategy across vulnerability scanners, aggregation pipelines, and downstream systems, making principled decisions about data ownership, tool consolidation, and signal quality
- Define and evolve the metrics and reporting frameworks the team uses to measure program effectiveness, moving the organization toward risk-based measurement rather than activity-based compliance tracking
- Partner with cross-functional stakeholders including infrastructure, platform engineering, and product security teams to identify opportunities to embed security automation deeper into the development lifecycle
- Identify systemic gaps and ambiguous, high-priority problems that cut across team boundaries, propose solutions, and drive them to completion with or without direct authority
- Provide technical mentorship, design reviews, and code reviews to engineers on the team, helping others grow and maintaining a high standard of engineering craft
- Contribute to architectural decisions, tooling selections, and process improvements that have lasting impact on how the broader security organization operates
Requirements:
- U.S. Citizenship or Permanent Residency (Green Card holder); we are unable to provide visa sponsorship for this role
- 8+ years of industry software engineering experience, with a meaningful portion of that spent in security engineering, platform engineering, or infrastructure-adjacent domains
- Deep proficiency in Python, with a strong track record of writing production-grade, tested, maintainable code in complex systems
- Demonstrated experience owning and delivering end-to-end engineering projects, from early-stage design through production deployment and ongoing operation
- Experience building or maintaining integrations with security tooling such as vulnerability scanners, SIEM systems, or similar platforms
- Comfort working with CI/CD pipelines, version control workflows, and modern software delivery practices
- Experience working across teams and communicating technical concepts clearly to both engineers and non-technical stakeholders
- Strong judgment in the face of ambiguity, and a track record of asking the right questions before building rather than after
- Hands-on experience with vulnerability management tooling such as Wiz, Tenable/Nessus, Twistlock, or similar products, particularly in cloud or containerized environments
- Solid understanding of vulnerability management concepts, including how vulnerabilities are discovered, classified, prioritized, and remediated in enterprise environments
- Familiarity with compliance frameworks relevant to government or regulated environments, such as FedRAMP or DoD IL5/IL6
- Experience working with large-scale vulnerability aggregation systems or homegrown data pipelines that normalize findings across multiple scanners
- Background in building automated remediation workflows, such as automated PR generation for dependency vulnerabilities or patch orchestration across diverse package ecosystems
- Experience with cloud environments (AWS, Azure, GCP) and containerized workloads at scale
- Contributions to the security or software community through open-source projects, published research, conference talks, or similar